name: Release on: workflow_dispatch: inputs: release_tag_name_input: description: "Release Tag Name " required: true jobs: setup: runs-on: ubuntu-latest outputs: release_upload_url: ${{ steps.create_release.outputs.upload_url }} release_version: ${{ steps.create_tags.outputs.package_version }} tag_version: ${{ steps.create_tags.outputs.tag_version }} steps: - name: Checkout repo uses: actions/checkout@v2 - name: Create Release Vars id: create_tags run: | case "${RELEASE_TAG_NAME_INPUT:0:1}" in v) echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" ;; [0-9]) echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" ;; *) exit 1 ;; esac env: RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} - name: Create Draft Release id: create_release uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ env.RELEASE_TAG_NAME }} release_name: ${{ env.RELEASE_NAME }} draft: true prerelease: false release: runs-on: ubuntu-latest needs: setup env: RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} TAG_VERSION: ${{ needs.setup.outputs.tag_version }} steps: - name: Print environment run: | whoami docker --version Write-Output "GitHub ref: $env:GITHUB_REF" Write-Output "GitHub event: $env:GITHUB_EVENT" shell: pwsh env: GITHUB_REF: ${{ github.ref }} GITHUB_EVENT: ${{ github.event_name }} - name: Login to Azure uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a with: creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - name: Retrieve secrets id: retrieve-secrets uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 with: keyvault: "bitwarden-prod-kv" secrets: "docker-password, docker-username, dct-delegate-repo-passphrase, dct-delegate-key, dct-repo-server-key, dct-repo-attachments-key, dct-repo-admin-key, dct-repo-nginx-key, dct-repo-k8sproxy-key, dct-repo-sso-key, dct-repo-api-key, dct-repo-portal-key, dct-repo-setup-key, dct-repo-notifications-key, dct-repo-events-key, dct-repo-web-key, dct-repo-icons-key, dct-repo-identity-key" - name: Log into docker if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin env: DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - name: Setup Docker Trust run: | mkdir -p ~/.docker/trust/private echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key echo "$DCT_REPO_API_KEY" > ~/.docker/trust/private/$DCT_REPO_API_ID.key echo "$DCT_REPO_IDENTITY_KEY" > ~/.docker/trust/private/$DCT_REPO_IDENTITY_ID.key echo "$DCT_REPO_SERVER_KEY" > ~/.docker/trust/private/$DCT_REPO_SERVER_ID.key echo "$DCT_REPO_ATTACHMENTS_KEY" > ~/.docker/trust/private/$DCT_REPO_ATTACHMENTS_ID.key echo "$DCT_REPO_ICONS_KEY" > ~/.docker/trust/private/$DCT_REPO_ICONS_ID.key echo "$DCT_REPO_NOTIFICATIONS_KEY" > ~/.docker/trust/private/$DCT_REPO_NOTIFICATIONS_ID.key echo "$DCT_REPO_EVENTS_KEY" > ~/.docker/trust/private/$DCT_REPO_EVENTS_ID.key echo "$DCT_REPO_ADMIN_KEY" > ~/.docker/trust/private/$DCT_REPO_ADMIN_ID.key echo "$DCT_REPO_NGINX_KEY" > ~/.docker/trust/private/$DCT_REPO_NGINX_ID.key echo "$DCT_REPO_K8SPROXY_KEY" > ~/.docker/trust/private/$DCT_REPO_K8SPROXY_ID.key echo "$DCT_REPO_SSO_KEY" > ~/.docker/trust/private/$DCT_REPO_SSO_ID.key echo "$DCT_REPO_PORTAL_KEY" > ~/.docker/trust/private/$DCT_REPO_PORTAL_ID.key echo "$DCT_REPO_MSSQL_KEY" > ~/.docker/trust/private/$DCT_REPO_MSSQL_ID.key echo "$DCT_REPO_SETUP_KEY" > ~/.docker/trust/private/$DCT_REPO_SETUP_ID.key env: DCT_DELEGATION_KEY_ID: "5702b22123e058cbd96a7a43000cb981ae98ef3f2f4aa34138ab3dc1d011e446" DCT_REPO_API_ID: "525fa3e70b84669c9fe489c5a3d0974898d14c0807b19447242c60ed8d4ca766" DCT_REPO_IDENTITY_ID: "084da6ea47ba1c4f34c2870a78a17739cd5df50359d2c2c7616822632df726d3" DCT_REPO_SERVER_ID: "ffbee21a1a71854a1c1310df4f5aded41726dd90d61050a6256168cd9268b1ee" DCT_REPO_ATTACHMENTS_ID: "e40fbcb5b273ad601c00ea905ca326ab68b395f17a46a8530e0ddd7d12bd4240" DCT_REPO_ICONS_ID: "0d3f5c6854610bd3d9b9c0a6851fe525b057976b46cb0f47de3942cf3b0be394" DCT_REPO_NOTIFICATIONS_ID: "1bf8d22352ec65a6c9b9282c454462240e0a1eb78bff03b65b5a4b7887599ab2" DCT_REPO_EVENTS_ID: "1020320052e6247f3c5fbfc2a3bfb0efc7e247f8a5a187dc03f60848359ac7c9" DCT_REPO_ADMIN_ID: "c5d80db8745fcd7a1510c3fba5c65582cfc2453d2b1eeb292abe79eb1351cf5c" DCT_REPO_NGINX_ID: "bf3d3247f5c2be73bbe830cddbae445c29e4fcc9e2fb4b4d39abf86a2740098b" DCT_REPO_K8SPROXY_ID: "bdad34c1202b2bbf8a460b66da08b2c1c1eea5864b29508782c00da145eb1fcd" DCT_REPO_SSO_ID: "97a5f6d29b255ff709ec63faad27c2f76246f006563bf3ecbb71547325c05815" DCT_REPO_PORTAL_ID: "4f358aa0a41c9a6650f5d2f907c2de418df34ddf3ee45e0994be7cc2dcd0b56e" DCT_REPO_MSSQL_ID: "30a44d7efbe48d30ed06abef003d2d8990205dad6a034617cddc03548f8c084e" DCT_REPO_SETUP_ID: "2932fb9c39b7eacf4418c7c9ee4c823f973c426412ddd64d7f9f0b6f940b8428" DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-key }} DCT_REPO_API_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-api-key }} DCT_REPO_IDENTITY_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-identity-key }} DCT_REPO_SERVER_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-server-key }} DCT_REPO_ATTACHMENTS_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-attachments-key }} DCT_REPO_ICONS_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-icons-key }} DCT_REPO_NOTIFICATIONS_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-notifications-key }} DCT_REPO_EVENTS_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-events-key }} DCT_REPO_ADMIN_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-admin-key }} DCT_REPO_NGINX_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-nginx-key }} DCT_REPO_K8SPROXY_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-k8sproxy-key }} DCT_REPO_SSO_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-sso-key }} DCT_REPO_PORTAL_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-portal-key }} DCT_REPO_MSSQL_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-mssql-key }} DCT_REPO_SETUP_KEY: ${{ steps.retrieve-secrets.outputs.dct-repo-setup-key }} - name: Checkout repo uses: actions/checkout@v2 - name: Restore run: dotnet tool restore - name: pull docker images run: | docker pull bitwarden/api:rc docker pull bitwarden/identity:rc docker pull bitwarden/server:rc docker pull bitwarden/attachments:rc docker pull bitwarden/icons:rc docker pull bitwarden/notifications:rc docker pull bitwarden/events:rc docker pull bitwarden/admin:rc docker pull bitwarden/nginx:rc docker pull bitwarden/nginx:rc docker pull bitwarden/sso:rc docker pull bitwarden/portal:rc docker pull bitwarden/mssql:rc docker pull bitwarden/setup:rc env: DOCKER_CONTENT_TRUST: 1 - name: re-tag docker images run: | tags=( latest beta ${RELEASE_VERSION} ) for TAG in "${tags[@]}" do docker tag bitwarden/api:rc bitwarden/api:$TAG docker tag bitwarden/identity:rc bitwarden/identity:$TAG docker tag bitwarden/server:rc bitwarden/server:$TAG docker tag bitwarden/attachments:rc bitwarden/attachments:$TAG docker tag bitwarden/icons:rc bitwarden/icons:$TAG docker tag bitwarden/notifications:rc bitwarden/notifications:$TAG docker tag bitwarden/events:rc bitwarden/events:$TAG docker tag bitwarden/admin:rc bitwarden/admin:$TAG docker tag bitwarden/nginx:rc bitwarden/nginx:$TAG docker tag bitwarden/nginx:rc bitwarden/k8s-proxy:$TAG docker tag bitwarden/sso:rc bitwarden/sso:$TAG docker tag bitwarden/portal:rc bitwarden/portal:$TAG docker tag bitwarden/mssql:rc bitwarden/mssql:$TAG docker tag bitwarden/setup:rc bitwarden/setup:$TAG done - name: List docker images run: docker images - name: Push beta images run: ./build.sh push beta env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-repo-passphrase }} - name: Push latest images run: ./build.sh push latest env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-repo-passphrase }} - name: Push version images run: ./build.sh push $($env:$RELEASE_VERSION) shell: pwsh env: DOCKER_CONTENT_TRUST: 1 DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-repo-passphrase }} - name: Make docker stub run: | STUB_OUTPUT=$(pwd)/docker-stub docker run -i --rm --name setup -v $STUB_OUTPUT:/bitwarden bitwarden/setup:dev \ dotnet Setup.dll -stub 1 -install 1 -domain bitwarden.example.com -os lin sudo chown -R $(whoami):$(whoami) $STUB_OUTPUT rm -rf $STUB_OUTPUT/letsencrypt rm $STUB_OUTPUT/env/uid.env $STUB_OUTPUT/config.yml touch $STUB_OUTPUT/env/uid.env cd docker-stub; zip -r ../docker-stub.zip *; cd .. - name: Upload docker stub artifact uses: actions/upload-artifact@v2 with: name: docker-stub.zip path: ./docker-stub.zip - name: Build swagger run: | cd ./src/Api echo "Restore" dotnet restore "Api.csproj" echo "Clean" dotnet clean "Api.csproj" -c "Release" -o "obj/Docker/publish/Api" echo "Publish" dotnet publish "Api.csproj" -c "Release" -o "obj/Docker/publish/Api" dotnet swagger tofile --output ../../swagger.json --host https://api.bitwarden.com ` ./obj/Docker/publish/Api/Api.dll public cd ../.. shell: pwsh env: ASPNETCORE_ENVIRONMENT: Production swaggerGen: 'True' - name: Upload swagger artifact uses: actions/upload-artifact@v2 with: name: swagger.json path: ./swagger.json - name: Log out of docker run: docker logout - name: Upload release assets if: github.event_name == 'release' run: | hub release edit ` -a ./swagger.json ` -a ./docker-stub.zip ` -m "Version $($env:RELEASE_VERSION)" ` $env:RELEASE_TAG_NAME shell: pwsh env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}